Cloud-native security: joint defense strategies with micro-isolation

Foreword

With the development of information technology and the rapid spread of the Internet, more and more information is stored in the cloud, and the security problems enterprises face are becoming increasingly prominent. Driven by laws and regulations such as the "Network Security Law" and the "Data Security Law", users across industries have set up security departments. Whether that department is a single person in charge or a small handful of staff, it carries the "beautiful hope" of the enterprise that it will resolve every difficult network security threat and incident.

It is called a "beautiful hope (fantasy)" because, in a large group or an enterprise with a complex organizational structure, what determines how much the security department can actually achieve is not headcount but "wisdom + tools". This is especially true of network access control.

1. Network micro-isolation tools that are "hard to stomach"

Outsiders see only the easy side of the security operations role. The security operations engineer also sees the many moments of being "helpless" in front of a network micro-isolation tool that is hard to use.

1. There are too many legacy business systems, and "I" only just took over

Security operations staff who have just taken over often get a headache trying to understand the legacy business systems when nobody familiar with them can be found.

2. A week of traffic self-learning, wasted by one change

To control network access policy more precisely, the security operations engineer switches on traffic self-learning mode, only to run into a change of the business system's port partway through!

3. Cross-company and cross-department collaboration is time-consuming and laborious

In a large group, security operations staff need to bring every business system under access control. Because each department is responsible for a highly specialized area, it is usually time-consuming and labor-intensive for the security team to coordinate the operations team and several application development teams on cross-department tasks such as confirming micro-isolation access control policies. In a dynamic, rapidly changing cloud-native environment, this frequent coordination eats up even more time...

Time-consuming, laborious and helpless as they are, security operations staff still have to adjust their mindset, do a good job of network access management, and stop attackers who get onto the intranet from moving laterally and penetrating freely! Otherwise, not only will sensitive data leak, but the enterprise may also face administrative penalties under the relevant laws and regulations (a very big pot to carry).

The meal served at the security operations post is truly "hard to chew". The current mainstream access control approach has a high self-learning threshold. No matter how capable the security operations engineer is, there is no getting past the "Five-Finger Mountain" (the mountain that pinned down the Monkey King) of many applications (unfamiliarity with them can lead to incomplete policy coverage or false interceptions), many policy confirmations, and coordination across many departments.

2. Joint defense strategies to break the "Five-Finger Mountain"

In the new version of its micro-isolation product Yungap (Cloud Gap), SafeDog has launched the "Joint Defense Strategy", which makes network access control work easier for security operations staff on two fronts!

(Figure: linkage policy design concept)

The joint defense system built from SafeDog's micro-isolation product Yungap, its cloud-native container security product Yunjia, and its host security product Yunyan, that is, joint discovery plus collaborative defense, mainly covers the following application scenarios:

Scenario 1: Joint discovery to accurately identify security threats

Yungap, Yunyan and Yunjia integrate and coordinate the fine-grained assets, hidden risks and security incidents scattered across the host side, container side and network side, together with their threat detection and defense functions, forming a joint discovery and joint defense capability against all kinds of security threats. They can jointly monitor system processes, files and network connections and discover security threats in time. Multiple layers of protection improve the accuracy and effectiveness of threat event detection.

Scenario 2: Comprehensive analysis with a visual attack path

Yungap, Yunyan and Yunjia share security events and data. Yunyan and Yunjia monitor virus attacks in real time and share the information with Yungap. Through the micro-isolation traffic visualization capability, the possible propagation paths from a risky host or container can be analyzed in time, raising the level of security protection.

(Figure: risk propagation path identification)

Scenario 3: Joint defense with easier automated response

Yungap works with Yunyan and Yunjia to defend against viruses and vulnerabilities and protect assets from attack. In Yungap, linkage policy trigger conditions can be set on security events, vulnerability risks and asset status. When a security event occurs on a host or container and hits a trigger condition, a stricter linkage policy is issued automatically. Through refined linkage policies, vulnerability exploitation can be blocked, the security of hosts and containers safeguarded, and losses caused by security vulnerabilities avoided.

(Figure: trigger condition configuration)

Scenario 4: Retrospective audit with easy review of security incidents

When a linkage event occurs, Yungap aggregates and displays the hosts and containers that hit the linkage policy, along with the history of its automatic responses, for easy tracing. For events that are no longer being handled, the linkage policy that was hit can be released with one click, which makes it quick to lift business restrictions caused by the linkage policy.

(Figure: linkage policy audit)
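Scenarios 3 and 4 describe one mechanism: an agent event hits a trigger condition, the micro-isolation layer automatically narrows that workload's allowed flows, every automatic response is recorded for audit, and an operator can release the restriction once the incident is closed. The sketch below is an added illustration of that mechanism, not Yungap's code or API; the event fields, trigger names, workloads and flows are all constructed for the example.

```python
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# A flow is (destination workload, port); a workload's policy is the set of
# flows it may initiate. All names and values below are constructed samples.
Flow = Tuple[str, int]

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass
class SecurityEvent:
    workload: str   # host or container that raised the event (hypothetical field)
    kind: str       # "malware", "vulnerability", "asset_change", ...
    severity: str   # key of SEVERITY_RANK


@dataclass
class Trigger:
    name: str
    kinds: FrozenSet[str]      # event kinds that hit this trigger
    min_severity: str          # hit only at this severity or above
    allowed: FrozenSet[Flow]   # flows still permitted once the trigger hits


@dataclass
class LinkageRecord:
    """One automatic response, kept for the audit trail."""
    workload: str
    trigger: str
    allowed: FrozenSet[Flow]
    applied_at: float
    released_at: Optional[float] = None


class LinkageEngine:
    """Turns agent events into tighter per-workload allow-lists and records each response."""

    def __init__(self, baseline: Dict[str, Set[Flow]], triggers: List[Trigger]):
        self.baseline = baseline
        self.triggers = triggers
        self.active: Dict[str, List[LinkageRecord]] = {}   # restrictions currently in force
        self.history: List[LinkageRecord] = []             # every response ever applied

    def evaluate(self, event: SecurityEvent) -> Optional[LinkageRecord]:
        """Apply the first trigger the event hits; return the record, or None if no hit."""
        for trig in self.triggers:
            if event.kind in trig.kinds and \
               SEVERITY_RANK[event.severity] >= SEVERITY_RANK[trig.min_severity]:
                record = LinkageRecord(event.workload, trig.name, trig.allowed, time.time())
                self.active.setdefault(event.workload, []).append(record)
                self.history.append(record)
                return record
        return None

    def effective_policy(self, workload: str) -> Set[Flow]:
        """Baseline narrowed by every active restriction; linkage never grants new access."""
        policy = set(self.baseline.get(workload, set()))
        for record in self.active.get(workload, []):
            policy &= set(record.allowed)
        return policy

    def release(self, workload: str) -> bool:
        """One-click release: lift all active restrictions on a workload, keeping the audit trail."""
        records = self.active.pop(workload, None)
        if not records:
            return False
        for record in records:
            record.released_at = time.time()
        return True


# Constructed sample data: an app server and two trigger conditions, strictest first.
BASELINE: Dict[str, Set[Flow]] = {
    "app-1": {("db-1", 3306), ("cache-1", 6379), ("log-1", 514)},
}
TRIGGERS = [
    Trigger("quarantine-on-malware", frozenset({"malware"}), "high",
            frozenset({("log-1", 514)})),                       # keep only log egress
    Trigger("restrict-on-vuln", frozenset({"vulnerability"}), "medium",
            frozenset({("cache-1", 6379), ("log-1", 514)})),    # cut access to the database
]


def demo() -> Set[Flow]:
    engine = LinkageEngine(BASELINE, TRIGGERS)
    engine.evaluate(SecurityEvent("app-1", "vulnerability", "low"))    # below threshold, no hit
    engine.evaluate(SecurityEvent("app-1", "vulnerability", "high"))   # hits restrict-on-vuln
    engine.evaluate(SecurityEvent("app-1", "malware", "critical"))     # hits quarantine-on-malware
    restricted = engine.effective_policy("app-1")
    engine.release("app-1")   # incident closed: lift restrictions, history remains
    return restricted


if __name__ == "__main__":
    print(demo())
```

The two design choices worth noting are that a hit can only intersect the baseline, never widen it, so a mis-tuned trigger can cause a false interception (the business impact the post mentions) but never open a path, and that release clears the active restriction while leaving the record in `history` with its release time, which is what a retrospective audit needs.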

Scenario 5: Handling large-scale attack-defense drills with ease

In large-scale attack-defense drill scenarios, Yungap's access policy self-generation mode lets the defender quickly sort out access relationships and generate policies in batches. For changes to cloud workload assets, the working environment and so on, its policy adaptation capability makes large-scale drill scenarios just as easy to cope with.

3. Network access control made easy

The joint discovery and joint defense functions of Yungap, Yunyan and Yunjia give data centers more comprehensive security protection and effectively raise enterprise cloud-native security. As every industry relies more and more on emerging technology, whether in daily security operations or in large-scale attack-defense drills aimed at shrinking the attack surface and hardening the protection surface, industry users can use SafeDog's joint defense strategy to bring together the threat detection, verification and response handling capabilities scattered across firewalls and host security products, greatly improving enterprise cloud-native security and letting every security operations engineer slack off a little at work and still leave on time. No mistake about it!

Origin blog.csdn.net/weixin_49128886/article/details/131248155